package win.ganbo.easyframwork.commons.shiro;

import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;


/**
 * 自定义FormAuthenticationFilter，认证之前实现 验证码校验
 *
 * @author ganbo
 * @date 2017年5月9日 上午10:49:48
 */
public class CustomFormAuthenticationFilter extends FormAuthenticationFilter{


	//重写原FormAuthenticationFilter的认证方法
	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {


		System.out.println("用户登录验证码认证..........................");
		//获取表单提交中用户输入的验证码
		String randomcode = request.getParameter("validateCode");
		
		//获取session中的验证码
		HttpServletRequest httpServletRequest = (HttpServletRequest) request;
		HttpSession session = httpServletRequest.getSession();
		String validateCode = (String) session.getAttribute("validateCode");


		//验证码校验
//		if(!(StringUtils.isNotBlank(randomcode) && StringUtils.isNotBlank(validateCode) &&
//				randomcode.equals(validateCode))){
//			//如果校验失败，将验证码错误失败信息，通过shiroLoginFailure设置到request中
//			httpServletRequest.setAttribute("shiroLoginFailure", "randomCodeError");
//			System.out.println("validateCode================>"+validateCode);
//			System.out.println("randomcode================>"+randomcode);
//			//拒绝访问，不再校验账号和密码
//			return true;
//		}
		
		return super.onAccessDenied(request, response);
	}
	
	
}
